Most organizations are at an elevated risk of attack
The risk of cyberattacks has increased in the last year. According to a Trend Micro survey, 80% of global organizations report they are likely to experience a data breach that impacts customer data in the next 12 months.
The findings come from Trend Micro’s biannual Cyber Risk Index (CRI) report, which measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked. In the first half of 2021 the CRI surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America.
The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase on last year which indicates an “elevated” risk.
“Once again we’ve found plenty to keep CISOs awake at night, from operational and infrastructure risks to data protection, threat activity and human-shaped challenges,” said Jon Clay, VP of threat intelligence for Trend Micro.
“To lower cyber risk, organizations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms.”
Organizations ranked the top three negative consequences of an attack as customer churn, lost IP and critical infrastructure damage/disruption.
Key findings
- 86% said it was somewhat to very likely that they’d suffer serious cyberattacks in the next 12 months, compared to 83% last time
- 24% suffered 7+ cyberattacks that infiltrated networks/systems, versus 23% in the previous report.
- 21% had 7+ breaches of information assets, versus 19% in the previous report.
- 20% of respondents said they’d suffered 7+ breaches of customer data over the past year, up from 17% in the last report.
Among the top two infrastructure risks was cloud computing. Global organizations gave it a 6.77, ranking it as an elevated risk on the index’s 10-point scale. Many respondents admitted they spend “considerable resources” managing third party risks like cloud providers.
The top cyber risks
- Man-in-the-middle attacks
- Ransomware
- Phishing and social engineering
- Fileless attack
- Botnets
The top security risks to infrastructure remain the same as last year, and include organizational misalignment and complexity, as well as cloud computing infrastructure and providers. In addition, respondents identified customer turnover, lost intellectual property and disruption or damages to critical infrastructure as key operational risks for organizations globally.
The main challenges for cybersecurity preparedness include limitations for security leaders who lack the authority and resources to achieve a strong security posture, as well as organizations struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure.